RE: @the.masses account has been shut down :(

You are viewing a single comment's thread from:

RE: @the.masses account has been shut down :(

transisto (74)in #themasses • 8 years ago

So the key for the account has been changed ? What do you think would have happen otherwise ? Seems like the actual experiment wasn't fully let to happen.

8 years ago in #themasses by transisto (74)

$0.00

Sort:

Trending

[-]

pfunk (72) 8 years ago (edited)

[nested reply]

There is a disabled Steem command which can be used to challenge that someone using a posting authority on an account has access to the account's active key, more thoroughly indicating ownership. Here's the cli_wallet documentation on it:


Challenge a user's authority. The challenger pays a fee to the challenged
which is depositted as Steem Power. Until the challenged proves their
active key, all posting rights are revoked.

Parameters:
    challenger: The account issuing the challenge (type: string)
    challenged: The account being challenged (type: string)
    broadcast: true if you wish to broadcast the transaction (type: bool)

It was disabled in the version 0.14 hardfork and hasn't been reenabled.

Challenge Authority

Fixed a bug where an account's active authority could not be challenged. Subsequently, because there is no way of addressing the challenge through steemit.com, we have disabled the operation entirely for the moment as it could be an attack vector against users that do not know how to use the cli wallet. The operation will be enabled at a later time when steemit.com can more elegantly handle challenge scenarios.

https://github.com/steemit/steem/releases/tag/v0.14.1

But if someone's posting auth is compromised (as the.masses' intentionally was, so that it could be used as an anonymous outlet), and the account begins to spam, downvotes can be used to reduce the account's reputation. Although the higher-rep-than-downvoter immunity function of reputation might make it difficult if a very high rep account had its posting key compromised. If the owner of the account is paying attention they can change the password of their account using Steemit and the posting key will change with it.

$0.34

1 vote

[-]

pfunk (72) 8 years ago

[nested reply]
What I mean is that @timcliff changed the posting key with his authority as its owner to a new posting key which isn't public. This is the transaction: https://steemd.com/tx/0e3bf7f6cf09927bac020431f7f84c9fc8da16c0

$0.00

1 vote

[-]

transisto (74) 8 years ago

I'm trying to say that this will most likely happen often and there will be nobody to change that posting key. How does steem mitigate agaist this kind of attack ?

$0.00

[-]

pfunk (72) 8 years ago

The posting key was public. It was changed by @timcliff (who created/owns the account) to a new, non-public key when it was being abused for comment spamming. Before all of this, @the.masses was used for its intended purpose, with mixed results, but never enough abuse for the public posting key to be revoked.

$0.00

[-]

transisto (74) 8 years ago

Do you know where I can read about that revocation aspect ? I've searched online and the whitepaper and can find anything about it.

$0.00